checkpoint - day 1
8/7/2019 Checkpoint - Day 1
CSC Private
Checkpoint Firewall
Prepared By - Vinod Rathi
Division - GIS
Team - MNS
Day One Session
Objective
• Definition of firewalls
• Overview of Firewall Security Technologies
• Planning Firewall Installation
• Installing Firewall-1 (Checkpoint Firewall)
Introduction to Firewalls
What is a Firewall
• A device that allows multiple networks to communicate with each other under a defined security policy
• A system designed to prevent unauthorized access to or from a private network
• Used where networks with varying levels of trust exist.
Different Types of Firewalls
Packet Filter
• Filters traffic at the network and transport layers of the TCP/IP model
• Looks at the source and destination IP addresses, protocol number, and source and destination ports
• Static in nature. Completely based on the filter defined on the device.
• Difficult to maintain. As the access filter grows in size, even an expert could have difficulty maintaining it.
ALG or Proxy Firewalls
• Takes requests from clients and connects to servers on the clients' behalf
• It is usually specific to a network service and hence can be fully aware of the sessions.
• Provides content screening, authentication and caching services.
• Consumes more memory and CPU cycles than traditional packet filters.
• Not all applications work with a proxy.
Stateful Inspection
• Combines best features of Stateful packet filtering and application layer gateways
• State engine rests between the data link layer and network layer
• Understands how specific protocols (e.g. HTTP, FTP, Telnet) operate
• Maintains state session table for all connections going through the firewall.
• Makes security policy decisions based on the contents and context of the packet.
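The difference between a static packet filter and a session table can be seen in a short sketch. This is an added example, not part of the original slides and not Firewall-1 code; the packet model, the 10.0.0. internal prefix and the sample addresses are constructed, and real stateful inspection also tracks protocol state and timeouts.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a packet filter examines.
Packet = namedtuple("Packet", "src dst proto sport dport")

INSIDE = "10.0.0."  # assumed internal address prefix for this sketch


def is_outbound_web(p):
    """The one rule both firewalls share: inside hosts may reach TCP/80."""
    return p.src.startswith(INSIDE) and p.proto == "tcp" and p.dport == 80


def static_filter(p):
    """Packet filter: each packet is judged alone against fixed rules.

    To let replies back in, the filter must admit anything from source
    port 80 to a high port, whether or not a client asked for it.
    """
    reply_rule = (p.dst.startswith(INSIDE) and p.proto == "tcp"
                  and p.sport == 80 and p.dport >= 1024)
    return is_outbound_web(p) or reply_rule


class StatefulFirewall:
    """Stateful inspection: a reply is admitted only if it matches an entry
    in the session table created by an allowed outbound packet."""

    def __init__(self):
        self.sessions = set()

    def inspect(self, p):
        if is_outbound_web(p):
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return True
        # A legitimate reply is the mirror image of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions


def demo():
    request = Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 80)
    reply = Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 40000)
    # Unsolicited packet that only looks like a web reply.
    stray = Packet("203.0.113.9", "10.0.0.8", "tcp", 80, 5000)
    fw = StatefulFirewall()
    static = [static_filter(p) for p in (request, reply, stray)]
    stateful = [fw.inspect(p) for p in (request, reply, stray)]
    return static, stateful
```

The static filter passes all three packets, while the session table rejects the unsolicited one because no outbound connection created a matching entry.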
What a firewall cannot do
• Malicious use of authorized service.
• Users not going through the firewall
• Social Engineering
• Flaws in the host operating system
• Any threats that may occur.
What kind of firewall is Firewall-1 (Checkpoint)
• Firewall-1 is a Stateful inspection firewall
• Uses Stateful inspection and application proxy
• Supports VPN (Site-2-Site, Client-2-Site)
• Provides content filtering using 3rd Party Products
• Policy based NAT (biggest advantage and ease of use)
• Enterprise wide policy management.
• High Availability (commonly known as HSRP or failover)
• INSPECT (modifying firewall state engine parameters)
Planning Firewall-1 Installation
The following points should be considered before installing Firewall-1:
• Document what your network looks like
• Generate a network map and define major points of interest and how they logically connect.
• Note: Since Firewall-1 is a perimeter device, it is best utilized and most effective when the number of entry-exit points is limited.
• Identify different zones of trust.
Developing a Site-Wide Security Policy
• Security Policy - A written document that is simple to read and clearly states what resources to protect and the conditions for providing or denying access.
• Lays the overall foundation of how an organization approaches security issues.
• What, Who and How
  • What are your important resources to be protected
  • Who is responsible for those resources
  • How an organization protects those resources
• Senior Management Buy-in
Questions